Jun 03, 2013

    Cafe music can hijack your phone

    MUSIC piped through speakers in a cafe or a clip playing on the big screen could be a source of grief in the future, if you're carrying a smartphone or tablet that is switched on.

    Researchers have found a way to use light, sound, vibration and magnetic cues to trigger malware hidden in your phone or slate, reported tech site Computerworld last Wednesday.

    This is possible using the mobile gadgets' sensors.

    The light trigger works best at night or in dimly-lit areas, and the sound trigger could be transmitted through background music or even TV and radio programmes.

    Once the malware is activated, crooks could then make illicit calls with your phone, or use many infected devices at an airport to take down its systems, among other things. Here's the good news: It doesn't seem like it will take off, yet.

    One of the researchers from the University of Alabama at Birmingham said "this kind of attack is sophisticated and difficult to build, but it will become increasingly easier to accomplish in the future as technology improves", reported tech site The Register.

    The development is still worrying to me, due to how rapidly mobile malware is growing and how gadget-mad Singaporeans are.

    Mr David Siah, country manager for Singapore at IT security firm Trend Micro, told My Paper last Friday that based on a report last year, "what took malware in Windows 14 years to achieve in terms of volume, took mobile malware only three years".

    "Trend Micro is also predicting malicious and high-risk apps to reach one million this year. So, we can already say that mobile malware has been growing faster (than computer malware)," he said, noting that from January to March, mobile malware already numbered 500,000.

    One reason why mobile malware has grown is because of the "incredible popularity of smartphones and tablets", said Ms Michela Menting, a cyber security senior analyst at market research firm ABI Research.

    She added that the wealth of valuable data being processed and stored on these mobile devices, as well as the lack of end-user awareness in protecting that data, fuel the rise of mobile malware.

    For one thing, a study by mobile analytics firm Flurry showed that Singapore is No. 1 globally in terms of ratio of active smart devices to adults in July last year (92 per cent).

    It is possible that with so many devices and such high interest in mobile malware, a crook could work with a company insider to send a light or sound trigger to wreak havoc at a predetermined place and time, going by the new research.

    The researchers said that "malware using such channels will be very difficult or impossible to detect using traditional means".

    Thankfully, for now at least, the mobile-malware rates in Singapore are still relatively low, although there are signs it is rising.

    Trend Micro said that for every 1,000 Android apps downloaded here in the first three months of last year, 8.7 were malicious.

    But for January to March this year, this rose to 18.2.

    The reason for looking only at Android is because Trend Micro "has seen very few malware targeting other mobile platforms", said Mr Siah. And, for now, the crooks could have their eye on other threats.

    Mr David Hall from Symantec said a key mobile-malware trend his firm predicts is the growth of mobile "adware" that could potentially expose location details, contact information and device identifiers to cyber-criminals.

    Such malware often send pop-up alerts to the notification bar, change browser settings and gather personal data, said the senior manager for regional consumer-product marketing in the Asia-Pacific region and Japan.

    It would be a good idea to make sure you check the reliability of apps you're about to download, download apps only from official app stores, and check what kind of information an app seeks to access, going by advice from security experts.